Impact
The ip6_vti module in the Linux kernel contains a flaw in vti6_tnl_lookup(): when an exact tunnel match fails, the routine falls back to searching wildcard tunnels but does not confirm that the candidate tunnel actually has a wildcard address. This oversight can allow hash collisions to cause packets to be associated with an unintended tunnel. The consequence is that traffic may be routed through a wrong tunnel or dropped entirely, resulting in misrouting or a local denial of service.
Affected Systems
Linux kernel builds that incorporate the unpatched ip6_vti module are affected. All Linux distributions running such kernel versions without the recent fix are susceptible.
Risk and Exploitability
The CVSS score of 9.8 indicates high severity, while an EPSS score of less than 1% suggests a low likelihood of exploitation. The flaw is not included in the CISA KEV catalog. Based on the description, it is inferred that an attacker could craft IPv6 packets designed to trigger the faulty lookup, thereby potentially causing misrouting or a local denial of service. The vulnerability does not require elevated privileges; it can be triggered by sending targeted IPv6 traffic to the affected system.
OpenCVE Enrichment
Debian DLA